"Most Q2 Attacks Targeted Old Microsoft Vulnerabilities"
Security researchers have revealed that attacks targeting a Remote Code Execution (RCE) vulnerability in Microsoft's MSHTML browser engine, which was patched last September, increased dramatically during the second quarter of this year. Last quarter, researchers counted at least 4,886 attacks targeting the flaw (CVE-2021-40444), a significant increase over the first quarter of 2022. The ease with which the vulnerability can be exploited is what keeps adversaries interested in it. Threat actors have exploited the flaw in attacks against the energy and industrial sectors, research and development, IT companies, and financial and medical technology firms. In many of these attacks, social engineering techniques were used to trick victims into opening specially crafted Office documents, which then downloaded and executed a malicious script. The flaw was actively being exploited when Microsoft first disclosed it in September 2021. The MSHTML flaw attacks were part of a larger set of exploit activities last quarter that overwhelmingly targeted Microsoft vulnerabilities. Exploits for Windows vulnerabilities accounted for 82 percent of all exploits across all platforms in the second quarter of 2022. Although the MSHTML vulnerability received the most attention, it was far from the most exploited flaw. An analysis revealed many attacks on a few other vulnerabilities from 2018 and 2017. CVE-2018-0802 was one of them, an RCE vulnerability in Microsoft Office that was exploited 345,827 times last quarter. Another similar memory corruption flaw (CVE-2017-11882) from 2017 was targeted in 140,623 attacks, while a Microsoft Office/WordPad RCE flaw (CVE-2017-0199) from 2017 was involved in 60,132 attacks. This article continues to discuss the findings regarding Q2 attacks and the targeting of old Microsoft vulnerabilities.
Dark Reading reports "Most Q2 Attacks Targeted Old Microsoft Vulnerabilities"